Phone spying busted

BUSTED! Secret app on millions of phones logs key taps article tells that Android app developer Trevor Eckhart has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users.

That’s not just creepy, says Paul Ohm, a former Justice Department prosecutor and law professor at the University of Colorado Law School.

“If CarrierIQ has gotten the handset manufactures to install secret software that records keystrokes intended for text messaging and the Internet and are sending some of that information back somewhere, this is very likely a federal wiretap.” he says. “And that gives the people wiretapped the right to sue and provides for significant monetary damages.”

“In the next days or weeks, someone will sue, and then this company is tangled up in very expensive litigation,” he adds. “It’s almost certain.”

In a blog post, chpwn confirms that, based on his initial testing, Apple has added some form of Carrier IQ software to all versions of iOS, including iOS 5. However, the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default.

Carrier IQ, the now infamous “rootkit” or “keylogger”, is not just for Android, Symbian, BlackBerry, and even webOS. In fact, up through and including iOS 5, Apple has included a copy of Carrier IQ on the iPhone. However, it does appears to be disabled along with diagnostics enabled on iOS 5; older versions may send back information in more cases.

Tomi Engdahl says:

Carrier IQ confirmed that it does not record keystrokes and does not provide monitoring tools. According to the company’s software is designed to collect the “operational information” on phones and tablets.

Carrier IQ’s of the software is installed on 141 million mobile phone.

Either way, the Nokia washes its hands of the mess. The official answer is that the phones of Carrier IQ is not found. The point.

Carrier IQ is likely to stir a range of actions in the United States, Forbes magazine predicts.

Tomi Engdahl says:

Phone manufacturer HTC says a number of American operators require software to be installed on your devices and urges the media to ask the program operators. In addition, HTC said it would examine ways to now offer users the opportunity not to allow the program to work phones.

The program has not been seen in Finland or the phones sold in Europe.

Verizon, in addition to Research In Motion ( RIM ), Microsoft and Nokia have denied install software phones. The use of the phones recognized by Apple , AT & T , Sprint , HTC , Samsung and T-Mobile .

Tomi Engdahl says:

While CIQ might “listen”* to a smartphone’s keyboard, it’s listening for very specific information. Company executives insist it doesn’t log or understand keystrokes. It’s simply looking for numeric sequences that trigger a diagnostic cue within the software. If it hears that cue, it transmits diagnostics to the carrier.

“The software receives a huge amount of information from the operating system,” Andrew Coward, Carrier IQ’s VP of marketing, told AllThingsD. “But just because it receives it doesn’t mean that it’s being used to gather intelligence about the user or passed along to the carrier.”

“What the Eckhart video demonstrates is that there’s a great deal of information available on a handset,” says Coward. “What it doesn’t show is that all information is processed, stored, or forwarded out of the device.”

Amid what’s snowballing into a major privacy controversy, AT&T, Sprint, HTC and Samsung today confirmed that that their mobile phones integrate a controversial piece of tracking software from a company called Carrier IQ.

Both wireless carriers AT&T and Sprint insisted that the software is being used solely to improve wireless network performance while phone makers HTC and Samsung said they were integrating the software into their handsets only because their carrier customers were asking for it.

It’s hidden. Short of rooting, or removing certain software safeguards to obtain “administrator” access to your phone, it’s almost impossible to know if it’s there.
It’s everywhere. The software reportedly exists on millions of handsets on several carriers, including many Android phones and even some versions of the iPhone.
It’s not opt-in. Without the user’s explicit approval, the software is enabled and gathering data on the phone.
It’s voracious. According to Trevor Eckhart, who created the recent explosion of attention on Carrier IQ with a video he posted on YouTube earlier this week, the software logs every keystroke and incoming text message. However, there’s some question about how much of this information is actually sent to the carriers.

“Consumers need to know that their safety and privacy are being protected by the companies they trust with their sensitive information,” said Sen. Franken. “The revelation that the locations and other sensitive data of millions of Americans are being secretly recorded and possibly transmitted is deeply troubling. This news underscores the need for Congress to act swiftly to protect the location information and private, sensitive information of consumers. But right now, Carrier IQ has a lot of questions to answer.”

It appears that this software runs automatically every time you turn your phone on. It also appears that an average user would have no way to know that this software is running—and that when that user finds out, he or she will have no reasonable means to remove or stop it.

But it appears that Carrier IQ’s software captures a broad swath of extremely sensitive information from users that would appear to have nothing to do with diagnostics—including who they are calling, the contents of the texts they are receiving, the contents of their searches, and the websites they visit.

Tomi Engdahl says:

An embattled phone-monitoring software maker said Friday that its wares, secretly installed on some 150 million phones, have the capacity to log web usage, and to chronicle where and when and to what numbers calls and text messages were sent and received.

data they vacuum to their servers from handsets is vast — as the software also monitors app deployment, battery life, phone CPU output and data and cell-site connectivity, among other things. But, they said, they are not logging every keystroke as a prominent critic suggested.

The data, which gets downloaded from consumers’ phones roughly once a day, is encrypted during transit and also provided to carriers to enhance the “user experience,” these executives said.

it does transmit website addresses to some carriers as a diagnostic tool.
“We’re seeing URLS and we can capture that information,” Coward said during the two-hour interview.

The company holds onto the data for 10 to 30 days, depending on the carrier.

The software runs hidden from users, who generally can’t find it or uninstall it

Sometimes the software is baked right into the phone during production, other times it is added afterward. The level of detail the software provides varies from carrier to carrier, Coward said.

That data is simply linked to chip and phone identification numbers,

COMMENTS:

To put it in context Carrier IQ have everything recorded for doctors, politicians, reporters, activists, police chiefs, your children, your family, details of every photo taken, email sent, SMS, app run, URL queried, searches done, video watched, bank account inspected, medical symptoms checked.
The time, the location of everything too, they have the tower data, so they have the location triangulation, perhaps even the phones GPS is recorded if it’s on.

The data is collected per handset and sent per handset, so it is known per handset, regardless of this comment “Some carriers collect the the data on an anonymized basis.”.

And it’s linkable to the user because the billing is linkable to the user.

But hey “we don’t record EVERY keystroke”, no not EVERY keystroke, there’s still 2% more privacy invasion we could do!

And he acts like he’s broken no laws, and there’s no privacy implications and the only things that matter is whether his customers (the carriers) gave permission.

It seems like carrier IQ tries to put lipstick on a pig to make it look pretty. They’ve been exposed. It’s the nature of companies that get caught to deceive. Very slimy indeed. The company will try and paint itself as the best thing next to sliced bread, and that telcos couldn’t possibly live without them.

Companies don’t seem to believe you have any rights. They make you sign contracts saying you don’t own the device, only a service. And just listen to Mark Zuckerburg: He does not think you deserve or are entitled to privacy.

It seems that in one form or another, surveillance on the populace is here to stay.

Tomi Engdahl says:

“While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video,” the company said in a statement released late Thursday.

“I’ve reverse engineered the software myself at a fairly good level of detail,” Rosenberg said. “They’re not recording keystroke information, they’re using keystroke events as part of the application.”

The difference is subtle but important

But Rosenberg said his look at the Carrier IQ program revealed “a complete absence of code” that would indicate key presses were being tracked and recorded or sent over the Internet by the phone.

Carriers like AT&T, T-Mobile and Sprint have long disclosed that they collect and store information about users’ locations, phone records and text messages. But what appeared to unnerve consumers and privacy observers was the possibility that the companies had gone a step further and were monitoring nearly every action a user performed on the phone.

Whatever your opinion of the data CIQ is collecting on behalf of the carriers, having that data available to other apps on the device is a serious security issue. However, Coward argues that it is not a CIQ security issue.

Andrew Coward, Carrier IQ: When a piece of information is sent to us from the operation system, we do not need it to go through that log file. There is no value to us in reading a keylog file, that’s not how our software works.

Coward: That logfile is not our logfile. It’s a standard, Android system logfile. What goes in that logfile is up to the manufacturer. …So, you would hope in a shipping device, you wouldn’t get very much information to go in there.

Coward: What should be happening, is it should just be giving it to us through the API. What appears to be happening is that it’s giving it to us and making a copy of what it gave to us in the log file.

It’s also important to note that CIQ’s software is still, in fact, listening to both keystrokes and SMS messages on many devices, though CIQ claims it does not log, store, or transmit them.

Tomi Engdahl says:

Yes, Carrier IQ is a vast digital fishing net that sees geographic locations and the contents of text messages and search queries swimming inside the phones the software monitors, the company’s VP of marketing, Andrew Coward, said in an extensive interview. But except in rare circumstances, that data is dumped out of a phone’s internal memory almost as quickly as it goes in. Only in cases of a phone crash or a dropped call is information transferred to servers under the control of the cellular carrier so engineers can troubleshoot bottlenecks and other glitches on their networks.

“What the video is depicting is the application printing out what are known as bugging logs,” he said. “It’s a way that applications keep a temporary record of the things they were doing so if anything were to break, a developer could go and read that record and figure out what went wrong. That’s very different from the application actually recording that information and sending it off to the carrier.”

In other words, a phone with Carrier IQ on it may receive an SMS that has formatting in it that calls some sort of an API?

Right.

And who has custody of that information?

As with all the information, the information is not controlled by us. It’s controlled by the operator. We have no rights to that data.

What percentage of that 200KB do you reckon is radio conditions? Would it be 80 percent, 20 percent?

It varies depending on the customer. It could be as much as 80 percent. Our advice to customers is to keep it within that 200KB framework. Just doubling it to 400KB or doubling it to twice a day obviously doubles the amount of processing power you need to deal with it.

Tomi Engdahl says:

Some Android anti-virus firms have begun releasing Carrier IQ detection apps, but only after the controversial software became a talking point on Capitol Hill … and a month after a security researcher first discovered it.

BitDefender released Carrier IQ Finder, an app that identifies the presence of the controversial mobile diagnostic tool, following Lookout’s earlier release of a similar tool called Carrier IQ Detector. Both applications let mobile phone users know if they have Carrier IQ running on their Android phone without actually removing it. Each has been available at no charge via the official Android Market since last Thursday (3 December).

Tomi Engdahl says:

Carrier IQ is finding itself under even greater scrutiny than its clients’ customers, following allegations that its mobile tracking software is invading the privacy of phone users.

Two class-action lawsuits have been filed against it and various other companies, and it’s also reported to be under investigation by European regulators.

In a suit filed in the Delaware District Court, Carrier IQ – along with AT&T, Sprint, T-Mobile, Apple, HTC, Samsung and Motorola – is accused of violating the Federal Wiretap Act, the Stored Electronic Communications Act, and the Federal Computer Fraud and Abuse Act.

Another suit, filed in California, makes similar allegations.

Meanwhile, several European regulators have queried the legality of the software.

The Bureau has now responded with a rejection of the request, claiming an exemption applies because such documents “could reasonably be expected to interfere with enforcement proceedings.”

While many have been quick to assume the worst, the Muckrock article says it’s unclear “whether the FBI used Carrier IQ’s software to in its own investigations, whether it is currently investigating Carrier IQ, or whether it is some combination of both – not unlikely given the recent uproar over the practice coupled with the U.S. intelligence communities reliance on third-party vendors.”

Tomi Engdahl says:

A recent FOIA request to the Federal Bureau of Investigation for “manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ” was met with a telling denial. In it, the FBI stated it did have responsive documents – but they were exempt under a provision that covers materials that, if disclosed, might reasonably interfere with an ongoing investigation.

What is still unclear is whether the FBI used Carrier IQ’s software in its own investigations, whether it is currently investigating Carrier IQ, or whether it is some combination of both

It probably wouldn’t come as a surprise if the FBI were to use data from Carrier IQ, but there’s no need for alarm, just yet. However, that’s contrary to what’s being reported elsewhere, so let’s take a moment to clear the air.

As Cormier points out, the letter indicates that the request was denied because of pending or prospective proceedings. That is to say that there is no indication of an ongoing investigation, or any investigation at all.

Tomi Engdahl says:

“In this document, we want to let consumers to know exactly what it is that our software does, the security measures we have in place, and our commitment through our software design and processes to protecting consumers’ privacy while improving consumers’ experience.”

Tomi Engdahl says:

A recent rumor has hit the internet stating that Sprint has asked its manufacturer partners to remove Carrier IQ’s software from all of the devices that it carries. We reached out to Sprint for a comment on the matter, and while the carrier said that it does not comment on rumors, it did confirm for us that it is disabling the Carrier IQ software on its phones and it is no longer collecting data from it.

“We have weighed customer concerns and we have disabled use of the tool so that diagnostic information and data is no longer being collected,” said Sprint in an email to Mobile Burn. “We are further evaluating options regarding this diagnostic software as well as Sprint’s diagnostic needs.”

Tomi Engdahl says:

The Electronic Frontier Foundation, in a continued bid to fight against injustices related to emerging technologies, has cracked open the Carrier IQ software package.

With the help of a few volunteers Carrier IQ has been parsed into its three layers — an app, a database, and a configuration file — and produced an app to uncover exactly what information your handset is collecting. Using the app, IQIQ, the EFF hopes to garner enough user data to blow the thing completely open.

[...] of it will surface. Last year’s findings have included Location data collecting smart-phones, Carrier IQ phone spying busted and Police Surveillance system to monitor mobile phones. In USA the Patriot Act lets them [...]

Tomi Engdahl says:

SECURITY RESEARCHERS have uncovered Android malware that claims to help you out by removing Carrier IQ spyware and unlock hidden functions.

Symantec and F-Secure have released details of scams in which users are tricked into downloading and using an app or web site to supposedly remove or unlock content. They have identified two such Trojans that instead send text messages to premium rate phone numbers.

Criminals have turned to mobile malware due to the recent increase in the adoption of smartphones. However, it is unclear whether these types of threats will reach the level of significance associated with desktop malware.

What do you get when you mix technology with candy bars? In a cool yet creepy marketing campaign, Nestle plans to stalk consumers with a “we will find you” promotion that involves GPS trackers embedded in chocolate bars.

What do you get when you mix technology with candy bars? In a cool yet creepy marketing campaign, Nestle plans to stalk UK consumers. The company kicked off a unique promotion called “We will find you” that involves GPS trackers embedded in chocolate bars. When a winning consumer opens the wrapper, it activates and notifies the prize team who promises to track them down within 24 hours to deliver a check for £10,000.

New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked.

The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices.

The flaws affected the latest 3G networks that were hardened by discarding GSM interoperable networks that were long known to be vulnerable to interception techniques.

Attackers did not need to perform cryptographic operations nor possess security keys to instigate the attacks.

“[These] kind of vulnerabilities usually look trivial once uncovered but often remain unnoticed for [a] long time, since they do not involve fancy cryptography but are caused by errors in the protocol logic,” the researchers wrote in a paper.

The 3G global industry watchdog, the 3GPP, is investigating the research. It was reportedly informed of the flaws about six months ago, but lengthy revision processes for global mobile phone protocols could explain why fixes have not been circulated and implemented.

Two attacks were conducted using off-the-shelf kit and a rooted — or modified — femtocell unit which broadcasted a 3G signal. The attacks were made by intercepting, altering and injecting 3G Layer-3 messages into communication between the base station and mobile phones in both directions.

One attack, the IMSI paging attack, forced mobile devices to reveal the static identity (TMSI) in response to a temporary number (IMSI) paging request which contained the IMSI, a number which was assumed was known to the attacker.

This would reveal the presence of devices in a monitored area, breaking anonymity and ‘unlinkability’ by revealing the IMSI and TMSI correlation.

In the Authentication and Key Agreement (AKA) protocol attack, the same authentication request would be injected to all phones in range causing all but the targeted device – which would return a Mac failure — to respond with synchronisation failures.

The researchers wrote that the attacks could be used to track staff movements within a building.

“If devices with wider area coverage than a femtocell are used, the adversary should use triangulation to obtain finer position data.”

i want to put a weather balloon up in the sky. What is the best GPS tracking device i can you. I want to track it on my computer while it is in the air. so whats the best GPS and where can i get it.Plus the price you want to say.

The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable.

The records feed a vast database that stores information about the locations of at least hundreds of millions of devices, according to the officials and the documents, which were provided by former NSA contractor Edward Snowden. New projects created to analyze that data have provided the intelligence community with what amounts to a mass surveillance tool.

The NSA does not target Americans’ location data by design, but the agency acquires a substantial amount of information on the whereabouts of domestic cellphones “incidentally,” a legal term that connotes a foreseeable but not deliberate result.

One senior collection manager, speaking on the condition of anonymity but with permission from the NSA, said “we are getting vast volumes” of location data from around the world by tapping into the cables that connect mobile networks globally and that serve U.S. cellphones as well as foreign ones.

U.S. officials said the programs that collect and analyze location data are lawful and intended strictly to develop intelligence about foreign targets.

The NSA has no reason to suspect that the movements of the overwhelming majority of cellphone users would be relevant to national security. Rather, it collects locations in bulk because its most powerful analytic tools — known collectively as CO-TRAVELER — allow it to look for unknown associates of known intelligence targets by tracking people whose movements intersect.

CO-TRAVELER and related tools require the methodical collection and storage of location data on what amounts to a planetary scale.

“One of the key components of location data, and why it’s so sensitive, is that the laws of physics don’t let you keep it private,”

The number of Americans whose locations are tracked as part of the NSA’s collection of data overseas is impossible to determine from the Snowden documents alone, and senior intelligence officials declined to offer an estimate.

Everyone who carries a cellphone generates a trail of electronic breadcrumbs that records everywhere they go. Those breadcrumbs reveal a wealth of information about who we are, where we live, who our friends are and much more. And as we reported last week, the National Security Agency is collecting location information in bulk — 5 billion records per day worldwide — and using sophisticated algorithms to assist with U.S. intelligence-gathering operations.

How do they do it? And what can they learn from location data? The latest documents show the extent of the location-tracking program we first reported last week.

The NSA doesn’t just have the technical capabilities to collect location-based data in bulk. A 24-page NSA white paper shows that the agency has a powerful suite of algorithms, or data sorting tools, that allow it to learn a great deal about how people live their lives.

Those tools allow the agency to perform analytics on a global scale, examining data collected about potentially everyone’s movements in order to flag new surveillance targets.

For example, one NSA program, code-named Fast Follower, was developed to allow the NSA to identify who might have been assigned to tail American case officers at stations overseas. By correlating an officer’s cellphone signals to those of foreign nationals in the same city, the NSA is able to figure out whether anyone is moving in tandem with the U.S. officer.

Remember Carrier iQ? In the years before Edward Snowden’s revelations about the NSA, the name and its software became synonymous with creepy, unseen monitoring of everything that you do on a smartphone on behalf of carriers and phone makers — allegedly in the name of better user experience.

Now the company appears to be no longer.

TechCrunch has confirmed that AT&T has acquired certain software assets from Carrier iQ, along with some staff. The site itself — and the wider company, it seems — has gone offline.

“We’ve acquired the rights to Carrier iQ’s software, and some CIQ employees moved to AT&T,” an AT&T spokesperson tells us. AT&T signed on as a customer years ago to use the CIQ software across phones on its network to troubleshoot wireless quality for its customers, and the spokesperson went on to explain that this still the case.